#!/bin/bash

cd ~/acl/

consul acl bootstrap > consul.secret
cat ./consul.secret | grep SecretID | awk -F":" '{ print $2 }' | xargs > admin.token

cd policy

consul acl policy create -token-file ../admin.token -name "consul-template-deduplicate-kv-policy" -description "" -rules @consul-template-deduplicate-kv-policy.hcl
consul acl policy create -token-file ../admin.token -name "loadbalancer-discovery-policy" -description "" -rules @loadbalancer-discovery-policy.hcl
consul acl policy create -token-file ../admin.token -name "loadbalancer-vk-props-policy" -description "" -rules @loadbalancer-vk-props-policy.hcl
consul acl policy create -token-file ../admin.token -name "service-discovery-policy" -description "" -rules @service-discovery-policy.hcl
consul acl policy create -token-file ../admin.token -name "service-kv-policy" -description "" -rules @service-kv-policy.hcl

consul acl policy create -token-file ../admin.token -name "gateway-discovery-policy" -description "" -rules @gateway-discovery-policy.hcl
consul acl policy create -token-file ../admin.token -name "gateway-kv-policy" -description "" -rules @gateway-kv-policy.hcl 

consul acl policy create -token-file ../admin.token -name "gateway-isolated-discovery-policy" -description "" -rules @gateway-isolated-discovery-policy.hcl
consul acl policy create -token-file ../admin.token -name "gateway-isolated-kv-policy" -description "" -rules @gateway-isolated-kv-policy.hcl

consul acl policy create -token-file ../admin.token -name "sec-policy" -description "" -rules @sec-policy.hcl

cd ..

consul acl role create -token-file ./admin.token -name "load-balancer-role" -description "" -policy-name "consul-template-deduplicate-kv-policy" -policy-name "loadbalancer-discovery-policy" -policy-name "loadbalancer-vk-props-policy"
consul acl role create -token-file ./admin.token -name "gateway-component-role" -description "" -policy-name "gateway-discovery-policy" -policy-name "gateway-kv-policy"
consul acl role create -token-file ./admin.token -name "gateway-isolated-component-role" -description "" -policy-name "gateway-isolated-discovery-policy" -policy-name "gateway-isolated-kv-policy"
consul acl role create -token-file ./admin.token -name "srv-component-role" -description "" -policy-name "service-discovery-policy" -policy-name "service-kv-policy"
consul acl role create -token-file ./admin.token -name "sec-role" -description "" -policy-name "sec-policy"

consul acl token create -token-file ./admin.token -description "token for loadbalancer" -role-name "load-balancer-role" > loadbalancer.token.output
consul acl token create -token-file ./admin.token -description "token for gateway" -role-name "gateway-component-role" > gateway.token.output
consul acl token create -token-file ./admin.token -description "token for gateway-isolated" -role-name "gateway-isolated-component-role" > gateway-isolated.token.output
consul acl token create -token-file ./admin.token -description "token for service" -role-name "srv-component-role" > srv.token.output
consul acl token create -token-file ./admin.token -description "token sec team" -role-name "sec-role" > sec.token.output

cat ./loadbalancer.token.output | grep SecretID | awk -F":" '{ print $2 }' | xargs > loadbalancer.token
cat ./gateway.token.output | grep SecretID | awk -F":" '{ print $2 }' | xargs > gateway.token
cat ./gateway-isolated.token.output | grep SecretID | awk -F":" '{ print $2 }' | xargs > gateway-isolated.token
cat ./srv.token.output | grep SecretID | awk -F":" '{ print $2 }' | xargs > srv.token
cat ./sec.token.output | grep SecretID | awk -F":" '{ print $2 }' | xargs > sec.token
